Microsoft starts the year with their first patch Tuesday bundle of security fixes targeting 10 Critical vulnerabilities include a zero-day being exploited in Windows Defender.
The Windows Defender vulnerability (CVE-2021-1647) is reported by Microsoft as having been detected under active exploitation in the wild – but precious little context information is provided under the firm’s new reporting policies that have removed the executive summaries from vulnerability reports. What we do know is that without any user interaction, an attacker could fully compromise the target system.
Windows Defender will also try to update itself automatically (without waiting for the monthly Patch Tuesday). You can check the version of Windows Defender by looking in Settings > About in the Windows Security app on Windows 10. The fix for this vulnerability is in Engine version 1.1.17700.4.
Also patched this month are 5 vulnerabilities in the windows Remote Procedure Call subsystem including a remote code execution vulnerability (CVE-2021-1660) affecting almost all Windows desktop, server and even ARM tablet versions.
In total 83 vulnerabilities are patched in this month’s Microsoft Patch Tuesday bundle, 10 are Critical and 73 are rated as Important.
Applying the security patches to the software running on your network is an essential part of ensuring your network is secure and that your business is protected.